
The Magento community is steadily moving towards full adoption of Magento 2.x. More and more merchants are migrating to Magento 2.x, and so more developers and agencies are enthusiastically developing Magento 2.x projects. It is also becoming more stable as a platform with each passing day. However, like any new system, it still has many open issues and technical flaws that need to be sorted out soon.

This also means that Magento 1.x is still alive and widely used. Hungersoft recommends that no new projects be developed on Magento 1.x, but 1.x webshops that are already live can continue to run for as long as the merchant wishes. For that to happen, it is very important that you keep your Magento CE 1.x webshop updated with all security patches released by Magento. This will not only keep your webshop secure but will also help you extend its life, saving you a lot of money for the time being. If you have not been keeping your Magento CE 1.x webshop updated with the latest security patches, you should get it done urgently. This is even more important with the EU GDPR in place now. Keeping your customer data secure is fully your responsibility, and these security patches will help you with that.

Here is a quick reference list of all important security patches released by Magento in the last 2 years for CE 1.x versions:

1. SUPEE-10570 v2

Release date: Mar 28, 2018
Applicable to: Magento CE 1.9.3.8 and all lower versions
It contains many security improvements that help fix security holes like remote code execution (RCE), cross-site scripting (XSS), and other issues.
Note: Version 1 of this patch was causing issues with checkout on some setups, so if you have v1 installed, you should remove it and install v2 of this patch.
You can read more details about this patch at the official source.

2. SUPEE-10497

Release date: Dec 11, 2017
Applicable to: Magento CE 1.9.1.1
It includes several security updates that help close cross-site request forgery (CSRF), Denial-of-Service (DoS), unauthorized data leak and authenticated Admin user remote code execution (RCE) vulnerabilities.
Note: This patch is a replacement for the previous patches SUPEE-10415 and SUPEE-10266, so you should remove those 2 first and then install this one.
You can read more about 10415 here and click here to read about 10266.

3. SUPEE-10336

Release date: Sep 11, 2017
Applicable to: Only if you use the USPS method in your shop
Note: This patch addresses USPS method name changes starting Sep 1, 2017. For versions 1.8.0.0 and older, this patch should be applied on top of all previous USPS patches.

4. SUPEE-9767 v2

Release date: Jul 12, 2017
Applicable to: Magento CE 1.5.0.1 - 1.9.3.2 versions
Note: This patch replaces SUPEE-9767. A previously installed SUPEE-9767 patch needs to be reverted prior to installing this version. This patch provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting. You can read more about it here.

5. SUPEE-9652

Release date: Feb 7, 2017
Applicable to: Magento CE 1.5.0.1 - 1.9.3.1 versions
This patch provides protection against attacks abusing a Zend library vulnerability. You can read more about it here.

6. SUPEE-8967

Release date: May 2017
Applicable to: All Magento CE 1.X versions lower than CE 1.9.3.0
This patch contains an update for Magento to correctly recognize the updated BIN (Bank Identification Number) range of card numbers from Mastercard. For versions older than Magento CE 1.9.0.0, a previous patch for Discover changes (SUPEE-2725) needs to be applied first.

7. SUPEE-8788

Release date: Oct 11, 2016
Applicable to: Magento CE 1.5.0.1 - 1.9.2.4 versions
This patch provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting. You can read more about this patch at its release page.
Note: If you have installed version 1 of the patch, you should take the following steps:
Remove SUPEE-8788 v1
Remove SUPEE-1533 (if installed)
Implement SUPEE-3941 (if not installed yet)
Implement SUPEE-8788 v2

8. SUPEE-8167

Release date: May 8, 2017
Applicable to: All Magento CE 1.X versions lower than 1.9.2.4
This patch contains an update for Magento with the new PayPal IPN server location. It is required to keep PayPal processing transactions past June 30, 2017.

9. SUPEE-7405 v1.1

Release date: Feb 23, 2016
Applicable to: Magento CE 1.5.0.0 - 1.9.2.3 versions
This patch fixes issues introduced with patch SUPEE-7405 and also bundles the Cart Merge Patch (SUPEE-7978), the SOAP API Patch (SUPEE-7822) and PHP 5.3 Compatibility (SUPEE-7882). You can read more about it here.

10. SUPEE-7405 v1.0

Release date: Jan 20, 2016
Applicable to: Magento CE 1.5.0.0 - 1.9.2.3 versions
This patch provides protection against several types of security-related issues, including information leaks and cross-site scripting.

11. SUPEE-7616

Release date: Jan 20, 2016
Applicable to: Only if you use the USPS method in your shop
This patch addressed USPS method name changes starting Jan 16, 2016.

There are many other security patches that were released before 2016. You can download all these patches from here. If you are interested in knowing how to apply Magento CE 1.x security patches, you can refer to this guide.
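Several notes in the list above say an older patch must be removed before its replacement is installed. The script below is an added example, not part of the original article or of Magento's tooling: it audits a patch log for those superseded patches. It assumes the log the patch scripts keep at app/etc/applied.patches.list and the pipe-separated layout shown in the comment; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Assumed log format: one pipe-separated header line per apply/revert,
#   DATE | SUPEE-NNNN | EDITION_VERSION | vN | ... [| REVERTED]
# followed by "patching file ..." lines, which are ignored here.

# Print "SUPEE-NNNN vN" for each patch whose most recent entry is an apply.
active_patches() {
    awk -F' *[|] *' '
        $2 ~ /^SUPEE-[0-9]+$/ { state[$2 " " $4] = ($NF != "REVERTED") }
        END { for (k in state) if (state[k]) print k }
    ' "$1" | LC_ALL=C sort
}

# Flag active patches that the notes in this list say must be removed.
audit_patches() {
    active_patches "$1" | while read -r id ver; do
        case "$id $ver" in
            "SUPEE-10570 v1") echo "REMOVE $id $ver: replaced by SUPEE-10570 v2" ;;
            "SUPEE-10415 "*|"SUPEE-10266 "*)
                              echo "REMOVE $id $ver: replaced by SUPEE-10497" ;;
            "SUPEE-9767 v1")  echo "REMOVE $id $ver: replaced by SUPEE-9767 v2" ;;
            "SUPEE-8788 v1")  echo "REMOVE $id $ver: replaced by SUPEE-8788 v2" ;;
        esac
    done
}

# Constructed sample log: hashes, dates and file names are placeholders.
write_sample_log() {
    cat > "$1" <<'EOF'
2016-10-12 08:00:00 UTC | SUPEE-8788 | CE_1.9.1.1 | v1 | 0000000 | constructed | constructed
patching file constructed/example.php
2016-10-20 08:00:00 UTC | SUPEE-8788 | CE_1.9.1.1 | v1 | 0000000 | constructed | constructed | REVERTED
2016-10-20 08:05:00 UTC | SUPEE-8788 | CE_1.9.1.1 | v2 | 0000000 | constructed | constructed
2017-07-01 08:00:00 UTC | SUPEE-9767 | CE_1.9.1.1 | v1 | 0000000 | constructed | constructed
2017-10-01 08:00:00 UTC | SUPEE-10266 | CE_1.9.1.1 | v1 | 0000000 | constructed | constructed
2017-12-12 08:00:00 UTC | SUPEE-10497 | CE_1.9.1.1 | v1 | 0000000 | constructed | constructed
EOF
}

log=$(mktemp)
write_sample_log "$log"
audit_patches "$log"
rm -f "$log"
```

On the sample log it flags SUPEE-10266 and SUPEE-9767 v1 but not SUPEE-8788 v1, because the latest entry for that patch is a revert.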

Security patch installation should only be performed by expert professionals, and it goes without saying that patches should be applied and tested on a development environment first. Don't forget to take a backup of live files and the database before applying any new security patches. Test your webshop frontend and backoffice well after applying any patches, as they do tend to cause issues.

Feel free to contact Hungersoft for all your Magento security patch and update related queries and tasks.

Copyright © Hungersoft 2019
